package jdbc;

import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;

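/**
 * Console login demo that checks credentials against the {@code userinfo} table
 * using a parameterized query.
 *
 * <p>The submitted username and password are bound through {@link PreparedStatement}
 * placeholders instead of being concatenated into the SQL text, so the driver sends
 * them as data and they cannot change the structure of the statement.
 */
public class JDBCDemo8 {
    /**
     * Collects a username and password, runs the login query and prints whether a
     * matching row exists.
     *
     * @param args command-line arguments; not used
     */
    public static void main(String[] args) {
        // The login implemented in the LoginDemo class has a SQL injection problem:
        // when a user maliciously types SQL fragments as input, the login succeeds.
        // This class avoids that by binding the input as statement parameters.
        // presumably getInputObject prompts on the console and fills the UserInfo
        // fields; verify against InputUtil.
        UserInfo userInfo = InputUtil.getInputObject(new UserInfo(),"模拟登录","登录");

        // SQL text is a fixed literal; the two '?' markers are the only places where
        // user input enters the statement.
        // NOTE(review): only the existence of a row is used below, so selecting the
        // password column is not needed by this method.
        String sql = "SELECT username,password,nickname " +
                "FROM userinfo " +
                "WHERE username =? AND password = ? ";

        // Connection and statement are both declared as resources so they are closed
        // in reverse order even if binding or execution throws.
        try (Connection conn = DBUtil.getConnection();
             PreparedStatement ps = conn.prepareStatement(sql)) {
            ps.setString(1, userInfo.getUsername());
            // NOTE(review): the submitted password is compared directly with the
            // stored column, which suggests passwords are stored unhashed - confirm.
            // A production login would fetch a salted hash (bcrypt/scrypt/argon2) by
            // username and verify it in application code.
            ps.setString(2, userInfo.getPassword());

            try (ResultSet rs = ps.executeQuery()) {
                // Any returned row means both username and password matched.
                if (rs.next()) {
                    System.out.println("登录成功");
                } else {
                    System.out.println("登录失败");
                }
            }
        } catch (Exception e) {
            // Kept as a stack trace for the demo; a real login path should log the
            // error server-side and show the user only a generic failure message.
            e.printStackTrace();
        }
    }
}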
